Welcome to this special first release of WhatWe Call “Security”.
This is a book about information security, but one looking at things from a macro, human, and industry level rather than an academic or technical one.
This is atypical for “security”, and the result of me perhaps being an atypical “security person”. One who likes to think about how the big picture fits together.
For example, despite my current title of Chief Technologist (for Security) at CDW, I don’t really care about technology.
I’ll be honest with you; I don’t get particularly excited about “security” either.
I’m far more interested in business and business outcomes. I’m passionate about driving efficiency, organisational culture, quality, the bottom line, potential, and people.
Here's the kicker: These things, in my opinion, generate better security too. Far better than the status quo focused almost exclusively on “security” technology, while also making it a tangible business contributor rather than an ambiguous cost centre.
And that’s what this book is about. Having an honest (and at times brutal) look at why the current approach is failing and why I feel we need to approach things not just at a higher level, but also very differently.
Unlike most security books out there, this one is more about taking an executive view, giving a cultural critique, and doing some strategic ideation. Heck, in parts it’s almost philosophical.
It highlights principles that, if taken in with an objective mind, I hope will resonate. Principles I hope some of you will adopt.
Note that it assumes some familiarity about current practices and the associated problems. Enough so that when I give analogies, things click.
On that note, it may be worthwhile to read my last book, Rethinking InfoSec, before (or after) reading this one.
While my thinking there was certainly less mature than in this book, when read together you may see some of its chapters in a new light and get greater a context of some of the issues I want to address here.
Neither book is comprehensive, not even close, but hopefully they can open up new avenues of thinking and spark ideas that will benefit you.
That is my main goal. If it can do that, then I would consider it a success.
Finally, yes, these are largely opinions. My opinions, based on my experience and results. Some of the stories and anecdotes have been slightly modified, mostly to protect the guilty.
Feel free to dismiss or ignore them, my only ask is that you be objective in doing so because some people much smarter than me, who have taken a step back and looked at things beyond the status quo, share them too.
On with the show.
If you’re ready to prove the impact your cyber initiatives are having in a business context through evidence-based solutions, we’re ready show you.Request Demo